F5 Networks BIG-IP : BIG-IP TMM vulnerability (K19361245)
Medium Nessus Plugin ID 118636
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionThe Traffic Management Microkernel (TMM) has a vulnerability related
to the handling of invalid IP addresses. (CVE-2017-6158)
This issue is exposed only when all of the following conditions are
You have disabled the Auto Last Hop setting at the Virtual Server,
VLAN, Tunnel, or System Wide level.
You have disabled Source VLAN Checking . Note :The Auto Last Hop
setting is enabled by default.
TMM generates a core file and restarts. The BIG-IP system fails over
to the peer device if configured as part of a high availability (HA)
SolutionUpgrade to one of the non-vulnerable versions listed in the F5